--On Tuesday, April 21, 2015 2:18 AM +0200 Enterprise Spirit
<ldaptech+Etherape@kernelbug.org> wrote:
Howard Chu,
If you allow me to ask you something about gnutls directly, do you still
stand behind the statement you made here,
http://www.openldap.org/lists/openldap-devel/200802/msg00072.html
i know it's out of date but you said 'the code is fundamentally broken'.
I'm not knowledged about the internals of gnutls but i am very cusious if
you changed your mind since then.
It's funny you ask... There was a spirited debate with one of the GnuTLS
author's a while back about this, as they blogged that Howard was
incorrect. Howard pointed out on the blog
(<http://nmav.gnutls.org/2011/05/is-really-gnutls-considered-harmful.html
>) that he was in fact still correct, and gave examples. After which the
GnuTLS author deleted the entire conversation off of his blog, and locked
it down. That, to me, says worlds about how "safe" one can consider
GnuTLS.